Promoting a trust relation in web-applications

The world-wide used web application services are crucial in today’s life style and
economics. However, the lack of data and execution monitoring features in web
applications lead to a point in which the server can no longer trust the executions
done within the client-side device. To avoid risks, developers limit the execution
in the client-side devices which increases the work done by the servers. In order to
promote a trust relation, we propose a solution based on Intel’s SGX technology
that would allow the server to delegate the execution of web application functions
in the client-side device with strong security guarantees.
In order to do so, we developed a prototype called SecureJS that, first, is able
to interact with the web-page submitted by the server to make the delegated code
reach the native application that can run a SGX enclave, and second, is able to run
the delegated code within the enclave, which offers a secure and isolated execution
environment. In addition, the solution also provides remote attestation for both the
correctness of the code execution and the input and output data.
The results show that the prototype increases the execution time compared to
the actual state of art in JavaScript code execution, Google’s V8 engine. On the
other hand, the memory usage is reduced in the server side compared to the usage
of NodeJS and the delegated execution to the client-side device results in reasonable
memory consumption.
In conclusion, SecureJS can trigger a new area of possibilities within web
application services by increasing the security guarantees and balancing the actual
workload state.

Skapa referens, olika format (klipp och klistra)

BibTeX @mastersthesis{Fernandez2017,author={Fernandez, Asier Rivera},title={Integrity and confidentiality for web application code execution in untrusted clients},abstract={The world-wide used web application services are crucial in today’s life style and
economics. However, the lack of data and execution monitoring features in web
applications lead to a point in which the server can no longer trust the executions
done within the client-side device. To avoid risks, developers limit the execution
in the client-side devices which increases the work done by the servers. In order to
promote a trust relation, we propose a solution based on Intel’s SGX technology
that would allow the server to delegate the execution of web application functions
in the client-side device with strong security guarantees.
In order to do so, we developed a prototype called SecureJS that, first, is able
to interact with the web-page submitted by the server to make the delegated code
reach the native application that can run a SGX enclave, and second, is able to run
the delegated code within the enclave, which offers a secure and isolated execution
environment. In addition, the solution also provides remote attestation for both the
correctness of the code execution and the input and output data.
The results show that the prototype increases the execution time compared to
the actual state of art in JavaScript code execution, Google’s V8 engine. On the
other hand, the memory usage is reduced in the server side compared to the usage
of NodeJS and the delegated execution to the client-side device results in reasonable
memory consumption.
In conclusion, SecureJS can trigger a new area of possibilities within web
application services by increasing the security guarantees and balancing the actual
workload state.},publisher={Institutionen för data- och informationsteknik (Chalmers), Chalmers tekniska högskola},place={Göteborg},year={2017},keywords={Secure javascript, web application security, Intel SGX, enclave, Chrome, SecureJS.},note={84},}

RefWorks RT GenericSR ElectronicID 252354A1 Fernandez, Asier RiveraT1 Integrity and confidentiality for web application code execution in untrusted clientsT2 Promoting a trust relation in web-applicationsYR 2017AB The world-wide used web application services are crucial in today’s life style and
economics. However, the lack of data and execution monitoring features in web
applications lead to a point in which the server can no longer trust the executions
done within the client-side device. To avoid risks, developers limit the execution
in the client-side devices which increases the work done by the servers. In order to
promote a trust relation, we propose a solution based on Intel’s SGX technology
that would allow the server to delegate the execution of web application functions
in the client-side device with strong security guarantees.
In order to do so, we developed a prototype called SecureJS that, first, is able
to interact with the web-page submitted by the server to make the delegated code
reach the native application that can run a SGX enclave, and second, is able to run
the delegated code within the enclave, which offers a secure and isolated execution
environment. In addition, the solution also provides remote attestation for both the
correctness of the code execution and the input and output data.
The results show that the prototype increases the execution time compared to
the actual state of art in JavaScript code execution, Google’s V8 engine. On the
other hand, the memory usage is reduced in the server side compared to the usage
of NodeJS and the delegated execution to the client-side device results in reasonable
memory consumption.
In conclusion, SecureJS can trigger a new area of possibilities within web
application services by increasing the security guarantees and balancing the actual
workload state.PB Institutionen för data- och informationsteknik (Chalmers), Chalmers tekniska högskola,LA engLK http://publications.lib.chalmers.se/records/fulltext/252354/252354.pdfOL 30